[#MXS-69] dbfwfilter should be pessimistic about rule syntax errors

[MXS-69] dbfwfilter should be pessimistic about rule syntax errors Created: 2015-03-27 Updated: 2017-12-01 Resolved: 2015-05-01
Status:	Closed
Project:	MariaDB MaxScale
Component/s:	None
Affects Version/s:	None
Fix Version/s:	1.1.1

Type:

New Feature

Priority:

Minor

Reporter:

Kolbe Kegel (Inactive)

Assignee:

markus makela

Resolution:

Fixed

Votes:

Labels:

None

Description

[Database Firewall]

type=filter

module=dbfwfilter

rules=/home/skysql/dbfwfilter_rules.txt

rule testrule deny no_where_clause

users kolbe@% testuser@% match strict_all rules

2015-03-21 08:58:24   fwfilter: Rule syntax incorrect, right keywords not found in the correct order: users kolbe@% testuser@% match strict_all rules

However, the user kolbe@% is allowed to execute queries. I think it would make more sense for the filter to be pessimistic and block the named users from executing any queries in this case.

It's also problematic that the rule syntax isn't parsed until the user tries to execute a query. There's no way to know whether the rules are correct before the user is already allowed to execute possibly problematic queries.

Comments

Comment by markus makela [ 2015-05-01 ]

Unexpected parameters and syntax errors now cause a failure to load the filter.

Comment by Timofey Turenko [ 2015-05-12 ]

check is added to fwf test. (see https://github.com/mariadb-corporation/maxscale-system-test/blob/master/fwf.cpp)

Generated at Thu Feb 08 03:56:33 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MXS-69] dbfwfilter should be pessimistic about rule syntax errors Created: 2015-03-27 Updated: 2017-12-01 Resolved: 2015-05-01